Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/oJKvvNuDtNR6OSqRaBLGPOX17iY.roa
File: oJKvvNuDtNR6OSqRaBLGPOX17iY.roa (raw, json)
Hash identifier: 2GZgWxILGeuY7LmgGzurlXU1+URdDB8G4zHTV1mEoYc=
Subject key identifier: A0:92:AF:BC:DB:83:B4:D4:7A:39:2A:91:68:12:C6:3C:E5:F5:EE:26
Certificate issuer: /CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
Certificate serial: 018CC4932D4C4DF76E0114748D5EF75DFEDD
Authority key identifier: C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/oJKvvNuDtNR6OSqRaBLGPOX17iY.roa
Signing time: Mon 01 Jan 2024 10:30:28 +0000
ROA not before: Mon 01 Jan 2024 10:30:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60597
IP address blocks: 185.185.158.0/24 maxlen: 24
185.185.157.0/24 maxlen: 24
185.185.156.0/24 maxlen: 24
185.185.159.0/24 maxlen: 24
185.14.203.0/24 maxlen: 24
185.14.202.0/24 maxlen: 24
185.14.201.0/24 maxlen: 24
185.14.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:2d:4c:4d:f7:6e:01:14:74:8d:5e:f7:5d:fe:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
Validity
Not Before: Jan 1 10:30:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a092afbcdb83b4d47a392a916812c63ce5f5ee26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:6a:43:1f:05:75:be:20:d7:ef:64:93:6f:cf:
8e:db:65:e7:88:1e:ca:b1:dc:a2:63:7c:10:ca:20:
29:46:10:a2:09:6e:81:a1:5f:f6:c3:48:7b:7f:f9:
7d:ec:e8:93:17:a7:e9:51:f4:e0:78:d8:53:d3:2c:
71:70:81:5d:b1:c2:7b:ec:b7:7c:7d:21:c9:c6:94:
e4:a0:5c:c3:49:19:d8:1e:13:fd:71:ab:97:4d:a2:
0f:fc:5e:df:36:9d:96:fa:39:57:4c:30:13:e1:37:
10:c3:1a:f5:15:35:70:5f:6c:9d:c6:7e:75:a0:c5:
9b:d3:4e:05:aa:ce:37:e0:f9:58:8e:a3:b2:54:31:
f4:af:12:21:85:84:9e:f6:18:6a:b3:b2:cd:7c:1a:
30:84:79:0c:c0:24:16:e9:76:7e:68:20:20:c2:b8:
96:dc:bc:5f:8e:62:a5:75:4a:f2:47:b0:07:d3:2f:
9e:38:c4:3c:9c:ff:6f:33:f4:3e:32:92:7d:7e:2c:
49:64:dc:d7:52:c3:04:6f:ff:78:98:42:ba:fc:74:
2a:a0:6c:f0:84:ec:92:07:63:28:a3:0e:ed:71:e7:
32:47:21:36:46:78:67:70:a3:c1:14:26:dd:ad:e8:
a7:e0:dd:00:af:bb:bb:19:e5:2b:c2:89:21:52:34:
37:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:92:AF:BC:DB:83:B4:D4:7A:39:2A:91:68:12:C6:3C:E5:F5:EE:26
X509v3 Authority Key Identifier:
keyid:C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/oJKvvNuDtNR6OSqRaBLGPOX17iY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.14.200.0/22
185.185.156.0/22
Signature Algorithm: sha256WithRSAEncryption
89:10:76:a0:e9:38:96:c9:e5:87:b0:fe:3e:ac:bc:86:0d:25:
1a:b3:36:36:1c:10:aa:dd:5b:6c:b3:1e:72:12:8f:e1:66:64:
06:ad:18:57:a3:2c:3f:86:50:aa:fd:b7:3d:f9:fe:47:fa:85:
4a:ff:9f:d7:66:42:5a:9c:40:11:14:32:37:30:89:d6:cc:b6:
fb:7a:77:29:3d:94:9d:d0:d7:ae:dc:80:24:82:54:04:82:24:
37:d5:4f:c4:86:10:8a:c3:a1:9c:60:ff:2f:d4:05:d6:2e:93:
48:cc:5e:aa:e4:d9:5a:e1:99:5a:82:de:76:56:66:39:86:3e:
1b:13:94:5b:6b:53:8c:9c:2d:62:31:7c:d1:38:79:95:3b:63:
2c:2d:75:63:f1:f8:f6:2c:97:3a:a4:6a:34:85:0a:84:46:f6:
85:41:94:65:cc:07:17:0e:40:89:73:55:b4:a2:81:cc:e8:a2:
90:84:24:cc:7e:65:7b:7c:21:3c:94:6c:33:e1:53:1e:9e:07:
0f:0c:ed:db:a7:82:b4:b0:2c:d7:72:f7:6d:7d:9e:74:26:84:
86:81:da:9b:46:1b:12:d9:6f:19:40:42:da:0c:69:bd:23:cf:
f5:ce:b0:09:70:55:b8:7f:b1:1e:2c:6c:aa:30:75:ed:b6:5d:
6b:b1:ba:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEky1MTfduARR0jV73Xf7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmJmNmI3ODFiY2Y4YzI4MDA4YThlOGZkZGU2MGU3YWUz
MTIyYWEwHhcNMjQwMTAxMTAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDkyYWZiY2RiODNiNGQ0N2EzOTJhOTE2ODEyYzYzY2U1ZjVlZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GpDHwV1viDX72STb8+O22XniB7K
sdyiY3wQyiApRhCiCW6BoV/2w0h7f/l97OiTF6fpUfTgeNhT0yxxcIFdscJ77Ld8
fSHJxpTkoFzDSRnYHhP9cauXTaIP/F7fNp2W+jlXTDAT4TcQwxr1FTVwX2ydxn51
oMWb004Fqs434PlYjqOyVDH0rxIhhYSe9hhqs7LNfBowhHkMwCQW6XZ+aCAgwriW
3LxfjmKldUryR7AH0y+eOMQ8nP9vM/Q+MpJ9fixJZNzXUsMEb/94mEK6/HQqoGzw
hOySB2Moow7tcecyRyE2RnhncKPBFCbdrein4N0Ar7u7GeUrwokhUjQ3kQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKCSr7zbg7TUejkqkWgSxjzl9e4mMB8GA1UdIwQY
MBaAFMdr9reBvPjCgAio6P3eYOeuMSKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEt
YWJmNDg0MGVhNjA3LzEvb0pLdnZOdUR0TlI2T1NxUmFCTEdQT1gxN2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEtYWJmNDg0MGVhNjA3
LzEveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ7IAwQC
ubmcMA0GCSqGSIb3DQEBCwUAA4IBAQCJEHag6TiWyeWHsP4+rLyGDSUaszY2HBCq
3Vtssx5yEo/hZmQGrRhXoyw/hlCq/bc9+f5H+oVK/5/XZkJanEARFDI3MInWzLb7
encpPZSd0Neu3IAkglQEgiQ31U/EhhCKw6GcYP8v1AXWLpNIzF6q5Nla4Zlagt52
VmY5hj4bE5Rba1OMnC1iMXzROHmVO2MsLXVj8fj2LJc6pGo0hQqERvaFQZRlzAcX
DkCJc1W0ooHM6KKQhCTMfmV7fCE8lGwz4VMengcPDO3bp4K0sCzXcvdtfZ50JoSG
gdqbRhsS2W8ZQELaDGm9I8/1zrAJcFW4f7EeLGyqMHXttl1rsbom
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:06 2024 by rpki-client on console-ams.rpki-client.org